[Snort-devel] New Mysql rules needed

Anyi Liu aliu1 at ...2608...
Mon Aug 16 08:03:28 EDT 2004


Hi, everyone,

     I need some new rules for the MySQL DB. When I check the rules in the rule dir, I can only find 2 rules for MySQL. They are:

alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 3306 (msg:"MYSQL root login attempt"; flow:to_server,established; content:"|0A 00 00 01 85 04 00 00 80|root|00|"; classtype:protocol-command-decode; sid:1775; rev:2;)
alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 3306 (msg:"MYSQL show databases attempt"; flow:to_server,established; content:"|0F 00 00 00 03|show databases"; classtype:protocol-command-decode; sid:1776; rev:2;)

     Could anyone who works in this field give me new rules to detect MySQL attacks?

Thanks
Andy
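
Added example, not part of the original post: a short decoder showing what the two content patterns above actually match at the MySQL wire level. It assumes the standard MySQL packet header (3-byte little-endian payload length, 1-byte sequence id) and the pre-4.1 login reply layout (2-byte capability flags, 3-byte max packet size, NUL-terminated user name); the function names are hypothetical.

```python
# Added example: decode the byte patterns of sid 1775 and sid 1776.
# Assumed framing: 3-byte little-endian payload length, 1-byte sequence id.

RULE_CONTENT = {  # content options copied from the two rules in the post
    1775: "|0A 00 00 01 85 04 00 00 80|root|00|",
    1776: "|0F 00 00 00 03|show databases",
}

COM_QUERY = 0x03  # MySQL command byte for a text query


def snort_content_to_bytes(content):
    """Convert a Snort content string (|hex| runs mixed with text) to bytes."""
    out = bytearray()
    # After splitting on '|', odd-indexed pieces are hex, even-indexed are text.
    for i, piece in enumerate(content.split("|")):
        out += bytes.fromhex(piece) if i % 2 else piece.encode("latin-1")
    return bytes(out)


def decode_pattern(content):
    """Interpret a rule's content pattern as the start of a MySQL packet."""
    raw = snort_content_to_bytes(content)
    length = int.from_bytes(raw[:3], "little")
    payload = raw[4:]
    info = {
        "payload_length": length,
        "sequence_id": raw[3],
        # True when the pattern describes one complete packet of this exact size.
        "pattern_spans_packet": len(payload) == length,
    }
    if raw[3] == 0 and payload[:1] == bytes([COM_QUERY]):
        info["kind"] = "COM_QUERY"
        info["query"] = payload[1:].decode("latin-1")
    elif raw[3] == 1:
        # Assumed pre-4.1 login reply: capability flags, max packet size, user.
        info["kind"] = "login"
        info["capabilities"] = int.from_bytes(payload[:2], "little")
        info["max_packet"] = int.from_bytes(payload[2:5], "little")
        info["user"] = payload[5:].split(b"\x00")[0].decode("latin-1")
    return info


if __name__ == "__main__":
    for sid, content in RULE_CONTENT.items():
        print(sid, decode_pattern(content))
```

Both patterns include the packet length field and span the whole packet, so each rule describes one exact packet (a fixed-length query string, or a root login with specific capability flags and no further fields) rather than a class of traffic.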